Mogui Dong

**Name of the Vulnerable Software and Affected Versions** Billing System Project version 1.0 **Description** The Billing System Project contains a remote code execution (RCE) issue via the `/php action/createProduct.php` component. This allows for potential code execution from a remote location. **Recommendations** For Billing System Project version 1.0, consider disabling access to the `/php action/createProduct.php` component until a fix is available. Restricting access to this component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Billing System Project version 1.0 **Description** A SQL injection issue was found in the Billing System Project. The vulnerability is exploitable via the `id` parameter at the "/phpinventory/edituser.php" API endpoint. This allows for potential unauthorized access to sensitive data. **Recommendations** For Billing System Project version 1.0, consider restricting access to the "/phpinventory/edituser.php" endpoint until a fix is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Billing System Project version 1.0 **Description** A SQL injection issue was found in the Billing System Project via the `id` parameter at the "/phpinventory/editcategory.php" API endpoint. This allows for potential exploitation. **Recommendations** For Billing System Project version 1.0, consider restricting access to the "/phpinventory/editcategory.php" endpoint until a fix is available, and avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.